Debian GNU/Linux 2.1: Critical Advisory for Lpr Exploits
debian
December 13, 1999
The version of lpr that was distributed with Debian GNU/Linux 2.1
suffers from a couple of problems:
* there was a race in lpr that could be exploited by users to print files they
...
Summary
The version of lpr that was distributed with Debian GNU/Linux 2.1
suffers from a couple of problems:
* there was a race in lpr that could be exploited by users to print files they
can not normally read
* lpd did not check permissions of queue-files. As a result by using the -s
flag it could be tricked into printing files a user can otherwise not read
This has been fixed in version 0.46-1-0slink1. We recommend you upgrade
your lpr package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
-1-0slink1.diff.gz
MD5 checksum: 892fe5abc2394acff065155fdfcadcaa
-1-
0slink1.dsc
MD5 checksum: 672509df5c5c611c26e80ba76bb11bf4
-
1.orig.tar.gz
MD5 checksum: 6e4b198d7d5db3c6da743de95207bf61
Alpha architecture:
alpha/lpr_0.46-1-0slink1_alpha.deb
...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!